U.S. Attorney General Eric Holder confirmed Wednesday that the Department of Justice is investigating the massive Target security breach that jeopardized millions of customers’ bank information late last year.

“The Department of Justice takes very seriously reports of any data breach, particularly those involving personally identifiable or financial information, and looks into allegations that are brought to its attention,” Holder told the Senate Judiciary Committee at a hearing Wednesday.

“Now while we generally do not discuss specific matters under investigation, I can confirm that the department is investigating the breach involving the United States retailer Target, and we are committed to working to find not only the perpetrators of these sorts of data breaches but also any individuals and groups who exploit that data via credit card fraud.”

As many as 40 million customers’ credit and debit card numbers may have been stolen by hackers during the pre-Christmas shopping rush, Target has warned. The hackers also took email addresses, phone numbers names and home addresses from an estimated 70 million people.

Minneapolis-based Target said in December that it was working with law enforcement and financial institutions as part of an investigation, but Holder didn’t confirm the Department of Justice investigation until Wednesday. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice,” CEO Gregg Steinhafel said in a statement.

The malware used to hack the Target system may have been written by a 17-year-old Russian, according to software intelligence company IntelCrawler — though the teen likely was not the perpetrator of the theft.